Block wp-login

Leírás

Block Access to wp-login.php

Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login

When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.

Telepítés

Easily prevent access to the default wp-login.php file:

1) Install Block wp-login automatically or by uploading the ZIP file.
2) Activate the plugin through the ‘Plugins’ menu in WordPress.
3) Once activated, visit “Settings – Permalinks” in the admin menu.
4) At the bottom of the page enter a new login address next to “Block wp-login”.
5) Make sure you make a note of the new address you will need to use to sign in.
6) Save the settings.

Although this plugin now detects when WordPress has been upgraded and re-installs itself, when upgrading WordPress core, you should still make sure you deactivate this plugin first just in case there is an issue.

GYIK

What is /wp-login.php ?
This is the login page for WordPress; hundreds or thousands of hits to this page is not normal and is almost certainly a brute force attempt to hack the admin password.